CVE-2026-22871 · CRITICAL 9.8 · EPSS percentile 56.4%

Description

GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, a path traversal vulnerability exists in GuardDog's safe_extract() function that allows a malicious PyPI package to write arbitrary files outside the intended extraction directory, leading to arbitrary file overwrite and remote code execution on systems running GuardDog. This vulnerability is fixed in 2.7.1.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.95% probability of exploitation · percentile 56.4% · 2026-06-19T12:03:05Z
Published: 2026-01-13
Last modified: 2026-01-21

Underlying weaknesses · 1

CWE-22

References

  1. https://github.com/DataDog/guarddog/commit/9aa6a725b2c71d537d3c18d1c15621395ebb879c
  2. https://github.com/DataDog/guarddog/security/advisories/GHSA-xg9w-vg3g-6m68

Type: Weakness
Target: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (cwe-22)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-44971
  2. CVE-2026-8643
  3. CVE-2025-47273
  4. CVE-2026-10254
  5. CVE-2025-41736
  6. CVE-2026-30281
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.